Vulnerability Description
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Tn-5900 Firmware | <= 3.3 |
| Moxa | Tn-5900 | - |
| Moxa | Tn-4900 Firmware | <= 1.2.4 |
| Moxa | Tn-4900 | - |
Related Weaknesses (CWE)
References
- https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tnPatchVendor Advisory
- https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tnPatchVendor Advisory
FAQ
What is CVE-2023-34217?
CVE-2023-34217 is a vulnerability with a CVSS score of 8.1 (HIGH). TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient ...
How severe is CVE-2023-34217?
CVE-2023-34217 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-34217?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Tn-5900 Firmware, Moxa Tn-5900, Moxa Tn-4900 Firmware, Moxa Tn-4900.